Microsoft's president says tech's bruising 2018 has left scars that will result in US federal regulation as early as this year

Microsoft President Brad Smith said the tech industry is changed forever after a "watershed" 2018 when privacy became embedded into the global consciousness thanks to Facebook's Cambridge Analytica scandal.

He said new US federal privacy laws are inevitable, and could come into force as early as this year, potentially borrowing heavily from the EU's GDPR laws.

A senior source in the privacy world added that GDPR seemed radical in the US a year ago, but could now form the backbone of US legislation.

Smith told BI: "In a world where we're all working with data I think we all have opportunities to ask how we can manage it better and in a way that sustains the public's confidence."

DAVOS — Tech will never be the same again after 2018. That's the view of Brad Smith, Microsoft's president and chief legal officer, after a "watershed" year of controversy and regulation for the sector.

Referring to the so-called "tech lash," which was in part sparked by Facebook's giant Cambridge Analytica data breach in March 2018, Smith said the incident "captivated people's attention in a way that data breaches or issues in the past had not."

"It was one of these watershed years where I doubt that we'll ever go back to what was there before. People now recognise that the impact of technology is so pervasive that it requires that new steps be taken to address what's on people's minds," Smith told Business Insider at the World Economic Forum in Davos, Switzerland.

Some of these steps should come from within the industry, Smith said, others will involve government input. The likes of Apple, Facebook, and Google all support the introduction of federal privacy laws in the US, and Smith thinks they could be put in place as early as this year.

"It is possible we will see a law passed in 2019," he said, pointing out that Microsoft has lobbied for new legislation since 2005. "It's more likely that we'll see a law passed in 2020 or 21. It is now a historical inevitability that a law will be passed by Congress."

On how regulation will shake out, he said GDPR will be a useful starting point — not least because tech firms won't want to grapple with two substantially different sets of rules on managing user data.

It means US tech giants, and others guilty of abusing data, could face big financial penalties on home turf. In the EU, GDPR now dictates that firms must pay a fine of up to 4% of their annual global turnover if a data protection authority rules that they mishandled user information.

"We will see some of the principles that the Europeans have adopted but we'll see them implemented in a way that's more consistent with American political and legal traditions," he explained.

"But I think the tech sector itself ironically will find itself more supportive of rules that are similar to what we have in Europe. It would be so expensive and difficult to operate if we have to create a technical architecture that's fundamentally different from one we've created already."

This was supported by a senior source in the privacy world, who told BI that GDPR seemed radical in the US a year ago, but could now form the backbone of US legislation. The source added that privacy had been one of the major themes of Davos 2019.

Smith said: "In a world where we're all working with data I think we all have opportunities to ask how we can manage it better and in a way that sustains the public's confidence."